Sign-up/Login system with Tornado

Antonio Pintus

Jun 11, 2012, 8:36:24 AM
to python-...@googlegroups.com
Hi,

I need to realize a Sign-up/login system for my Tornado Web-based
application.
I've found some examples based on bcrypt, also reading that it's too
heavy for Tornado IO Loop feature.
Can anyone suggest a feasible way, please?


Any suggestions, links, or hints are welcome!

Thank you!

Cheers,

Antonio




--

Antonio Pintus

e-mail: pin...@gmail.com
Home Page: http://www.pintux.it
Blog: http://jaranto.blogspot.com
Photography: http://www.flickr.com/photos/pintux/
Twitter: twitter.com/apintux

Andy Boot

Jun 11, 2012, 11:58:29 AM
to python-...@googlegroups.com
I'm fairly new to tornado but I don't think it's a major problem.

I am using bcrypt (with a small salt) directly in my app and I have seen apps on github that also use bcrypt without delegating the encryption to something like Celery.

What blogs have you read on the subject?

andy,

Frank Smit

Jun 11, 2012, 12:57:09 PM
to python-...@googlegroups.com
Hi.

I did some testing on my laptop (not a fast one) a while ago and
Bcrypt really slowed down things. Using a threadpool[1] doubled
performance. I haven't tested solutions like Celery, but I think that
would be better than creating Bcrypt hashes in the IOLoop.

[1]: https://gist.github.com/2577781

Arek Bochinski

Jun 11, 2012, 3:14:55 PM
to python-...@googlegroups.com
I use multi-step password creation. First time a password is created, it is done with PBKDF2 and with salt/key/iteration
settings to make it fast and cheap on CPU time. Then, I defer a second job to a Gearman worker that does
an update with a more costly update of the password that hogs the CPU.

On Mon, Jun 11, 2012 at 12:59 PM, Dmitri Cherniak <dmi...@gmail.com> wrote:
I used bcrypt directly in a sample blog post once, but in production I pass it off to an internal HTTP service using asynchttpclient.

Michael Wilson

Jun 11, 2012, 4:07:21 PM
to python-...@googlegroups.com
How do you handle password validation? Isn't that just as expensive since you have to bcrypt whatever
the user entered?

Arek Bochinski

Jun 11, 2012, 5:12:06 PM
to python-...@googlegroups.com
Login procedure uses Async HTTP client, and password regeneration and comparison is done in that
back-end API.
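
The idea discussed in this thread, keeping the password hash off the IOLoop for both sign-up and login, as an added example that is not code from any poster. It uses stdlib PBKDF2 on an asyncio thread pool instead of bcrypt so it runs without extra packages; Tornado 5 and later run on the asyncio event loop, so the same awaits work inside a RequestHandler coroutine. The iteration count, pool size and storage format are assumptions.

```python
import asyncio
import hashlib
import hmac
import os
from concurrent.futures import ThreadPoolExecutor

ITERATIONS = 200_000                          # assumed work factor
KDF_POOL = ThreadPoolExecutor(max_workers=4)  # assumed size; bounds concurrent hashing

def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # CPU-bound step: always called on a worker thread, never on the event loop.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

async def hash_password(password: str) -> str:
    """Sign-up: return 'iterations$salt_hex$hash_hex' (assumed storage format)."""
    salt = os.urandom(16)
    loop = asyncio.get_running_loop()
    digest = await loop.run_in_executor(KDF_POOL, _derive, password, salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

async def verify_password(password: str, stored: str) -> bool:
    """Login: re-derive with the stored salt and cost, compare in constant time."""
    try:
        iter_s, salt_hex, hash_hex = stored.split("$")
        iterations = int(iter_s)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        if iterations < 1:
            raise ValueError("bad iteration count")
    except ValueError:
        return False  # malformed record: fail closed
    loop = asyncio.get_running_loop()
    digest = await loop.run_in_executor(KDF_POOL, _derive, password, salt, iterations)
    return hmac.compare_digest(digest, expected)

async def demo() -> dict:
    ticks = 0
    async def ticker():  # counts event-loop turns taken while hashing is in flight
        nonlocal ticks
        while True:
            ticks += 1
            await asyncio.sleep(0.001)
    task = asyncio.create_task(ticker())
    stored = await hash_password("correct horse")  # constructed sample password
    ok = await verify_password("correct horse", stored)
    bad = await verify_password("wrong guess", stored)
    task.cancel()
    return {"ok": ok, "bad": bad, "ticks": ticks, "stored": stored}

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

Login costs the same as sign-up here because verification re-runs the derivation, which is why both paths go through the pool.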